last executing test programs: 15.258514325s ago: executing program 0 (id=745): unshare(0x22020400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) listen(r1, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r4 = accept4$unix(r1, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x80) 13.446492286s ago: executing program 0 (id=751): socket$inet_sctp(0x2, 0x5, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000800000095"], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='contention_end\x00', r0}, 0x18) openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ppoll(&(0x7f0000000080)=[{r1, 0x1118}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0xc048aeca, &(0x7f0000000080)) 12.882507381s ago: executing program 0 (id=754): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x3}, 0xfe}, 0x18) syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00'], 0x48) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/mcfilter6\x00') lseek(r3, 0x80, 0x1) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) io_setup(0x7, &(0x7f0000000780)) syslog(0x3, &(0x7f0000000200)=""/90, 0x5a) syz_io_uring_submit(0x0, 0x0, 0x0) ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x40, 0x80, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) fstatfs(0xffffffffffffffff, 0x0) 9.930150274s ago: executing program 3 (id=760): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000480), r0) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000006a80)={&(0x7f0000000000)={0x14, r1, 0x401, 0x70bd28, 0x10008, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_open_dev$swradio(0x0, 0x1, 0x2) poll(0x0, 0x0, 0x4) r3 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(0xffffffffffffffff, 0x2, 0x2) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x30, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094) 8.688861318s ago: executing program 1 (id=762): openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r4, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYBLOB="00000000000000001800128008000100707070000c", @ANYRES32], 0x40}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000001bc0)=[{&(0x7f0000000800)=""/106, 0x6a}], 0x1) r6 = creat(&(0x7f0000000340)='./file0\x00', 0x14) getpid() r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="380100001a000100fef7ffff0001000000000000000000000000ffffd7000002fc0100000000000000000d00000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14142500000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x1004001, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r6}}) 7.608317195s ago: executing program 1 (id=764): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x22020400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x80) 6.974384188s ago: executing program 3 (id=765): r0 = socket$nl_generic(0x10, 0x3, 0x10) dup(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x400000002, 0x0) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000bb80)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172ed}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x4000, 0x0) semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000740)) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004) sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x5, 0x2, 0x87, 0xffffffff, 0x40}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c007fc6adba35326a89fd0712eea8e98875f31b824cb979da00001d27701c94bb1648d50d641e19b3d1e84c65de0fbe604975a82e099e495492dbc5d866434d083db8e4c7302d692c18d9167a6d76224f9b996ca4c622bbe97c378ff96f2966f8ba180b72fe3146b99471579772075548df8f2f3da89f4651ee6658a85606eb7b45f9746af02f202732cd936192610318099e1eba2ca64122aebaf31c08487a24fee253f29a4a11107c08fb6b2a1cd53690faabd8935b96a27083159e4d3351ec811259e8d332c169d15216517584251edf360ac7c4fb7f7abaa5e91a00000000000000", @ANYRES16=r10, @ANYBLOB="050000000000fbdbdf252e00000008000300", @ANYRES32=0x0], 0x1c}}, 0x0) 6.973885348s ago: executing program 2 (id=766): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000500), 0x47ffffa, 0x60500) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001ac0)={r3, 0x2000, {0x0, 0x0, 0x0, 0x3, 0x140000, 0x0, 0x0, 0x1e, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0x0, 0x400]}}) socket$inet6(0xa, 0x2, 0x0) 6.15068356s ago: executing program 0 (id=767): pselect6(0x0, 0x0, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f6}, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCGPKT(r0, 0x40045431, &(0x7f00000001c0)) 6.104472794s ago: executing program 1 (id=768): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}]}, 0x38}}, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x8, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000140)={@link_local, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @dev={0xac, 0x14, 0x14, 0xff}}}}}}, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0) io_setup(0x3, &(0x7f00000003c0)=0x0) io_submit(r6, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) r7 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r7, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) listen(r7, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r9, 0x8b32, &(0x7f0000000040)) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.202414404s ago: executing program 0 (id=769): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(,:', 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) io_setup(0x8, &(0x7f0000002740)=0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0) io_pgetevents(r3, 0x2, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000080)={0x0, 0x989680}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x20, 0x800000000004, @thr={0x0, 0x0}}, 0x0) r4 = mq_open(&(0x7f00000000c0)='\x00', 0x800, 0x4, &(0x7f0000000200)={0x7, 0x1000, 0x7f, 0x7fffffffffffffff}) mq_notify(r4, &(0x7f0000000280)={0x0, 0xf, 0x0, @thr={&(0x7f0000000300)="9fa968d193583d348a59054f121f8638a50394aad37ba36703c02858b8fc7ff593df740bf6e25e8e49cd137ad3b835399ccfb38c8ccb5fafd3095cb02f82d183355de197979c559f0f286773", &(0x7f0000000380)="7939cb380785cfac0ae46e"}}) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x4, 0x24, 0x0, 0x0) 4.505682893s ago: executing program 1 (id=770): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x100a, 0x200000000000008e}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) bpf$PROG_LOAD(0x5, 0x0, 0x0) close_range(0xffffffffffffffff, r4, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) 4.450037559s ago: executing program 3 (id=771): syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a30000000005c000000060a010400000000000000000100000008000b40000000000900010073797a300000000034000480300001800a0001006d617463680000002000028008000300b07346e30a0001007374617465000000080002"], 0xd0}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000040), 0x2) openat$random(0xffffffffffffff9c, &(0x7f00000013c0), 0x300, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f0000000300)}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = epoll_create(0x10001) mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="feff"]) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0x5b24, 0x0) 4.205778513s ago: executing program 2 (id=772): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x2a803) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280)={0x2, 0x100004, 0x20}) 4.092144244s ago: executing program 2 (id=773): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_netprio_ifpriomap(r5, &(0x7f0000000080), 0x2, 0x0) sendfile(r4, r6, &(0x7f00000001c0)=0xa, 0xc) 3.058721177s ago: executing program 2 (id=774): socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x103001, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd2(0x0, 0x800) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) socket(0x10, 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r4, 0x0, 0x3}) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 2.942521408s ago: executing program 0 (id=775): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000b80)=ANY=[@ANYBLOB="12010000000000104355810700000000000109022400010000000c090400000203000000092104007101220500e4d93c49090581030004ff000029a6b2ca4c1d53c7af933c3947babe06279e0c6e807a811654cb3bac8f7a7491c16dd7f97d1fb0fd1f91104581ca638d6bd55f3dae1d61f18b75537fe71b0173b7b87d40f9e8ccddd9105b2deca524b093df205de9121167236a02655b8736610c413b"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="401805000000abcd92e9f8"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/config\x00') bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) add_key$user(&(0x7f0000000140), &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000980)="f40fc24077021c9b084c60ffc26fd06301176d36c2f546f10626db12b9e78d629870bb26edb4a594a7b70000000000000000002945ffebbf0612dd3d0df936a10285ecc1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4", 0x84, 0xfffffffffffffffb) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="64796e2c0081985a8b6e323b26d2723b14612748db4d74b23e2661a62a335f0bc884305a1ed29e8701f9da1c9ebdba3c4d4a1adc1d201fb77f491eb67a944936850abcc554fb6ce6d6ce005a6c0e3683989adffbef2fae15bfca73c6d7d16d6ac18b35ef3485ede9fcc125b8c586bbbdbc0823e557bbcb293af37b9e2f61a8f4b8d6a4dd0950e930c04d789fa5ce62760292b9a59598527a14496c61765fd8d620aea4e69aec10790c07b16d24825a61ae07"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x119800, 0x90) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r3, &(0x7f0000000f80)=""/4096, 0x1000) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfc08}, 0x0, 0x0) 2.606614022s ago: executing program 2 (id=776): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700", @ANYRESOCT], 0x38}}, 0x0) 2.470071865s ago: executing program 2 (id=777): msgctl$MSG_STAT(0xffffffffffffffff, 0xb, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', 0x0}) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000006, 0x10, 0xffffffffffffffff, 0xffffd000) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000180)={'ip6gretap0\x00', 0x400}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r7, 0x8914, 0x0) write$cgroup_subtree(r6, &(0x7f0000000440)=ANY=[], 0xfdef) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_usb_control_io$lan78xx(r0, &(0x7f0000000140)={0x14, &(0x7f0000000000)={0x40, 0xc, 0x5, {0x5, 0x1, "3d61c0"}}, 0x0}, 0x0) 2.402385742s ago: executing program 1 (id=778): unshare(0x68040200) syz_usb_connect(0x0, 0x34, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_delrule={0x1c, 0x21, 0x1, 0x0, 0x25dfdbfe}, 0x1c}}, 0x44044) 2.030575919s ago: executing program 3 (id=779): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x109702, 0x0) r0 = syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x800}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185500, 0x12345}) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) io_uring_enter(r0, 0x7277, 0x0, 0x0, 0x0, 0x0) 1.945230197s ago: executing program 3 (id=780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, 0x0, 0x4842, 0x1cb) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000)=0x41d8, 0x4) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f00000005c0)={0x40003, 0x0, {[0x5, 0x0, 0x3, 0x0, 0x6, 0x6, 0x16, 0x2]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.193926032s ago: executing program 1 (id=781): r0 = socket$nl_generic(0x10, 0x3, 0x10) dup(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x400000002, 0x0) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f000000bb80)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172ed}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}, @TCA_CHAIN={0x8, 0xb, 0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r10 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r10, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x4000, 0x0) semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000740)) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004) sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x5, 0x2, 0x87, 0xffffffff, 0x40}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c007fc6adba35326a89fd0712eea8e98875f31b824cb979da00001d27701c94bb1648d50d641e19b3d1e84c65de0fbe604975a82e099e495492dbc5d866434d083db8e4c7302d692c18d9167a6d76224f9b996ca4c622bbe97c378ff96f2966f8ba180b72fe3146b99471579772075548df8f2f3da89f4651ee6658a85606eb7b45f9746af02f202732cd936192610318099e1eba2ca64122aebaf31c08487a24fee253f29a4a11107c08fb6b2a1cd53690faabd8935b96a27083159e4d3351ec811259e8d332c169d15216517584251edf360ac7c4fb7f7abaa5e91a00000000000000", @ANYRES16=r11, @ANYBLOB="050000000000fbdbdf252e00000008000300", @ANYRES32=0x0], 0x1c}}, 0x0) 0s ago: executing program 3 (id=782): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="18000000000300000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, 0x0, &(0x7f0000000040)) write$bt_hci(r0, 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setresgid(0x0, 0xee01, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd) lstat(&(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000500)='./file1\x00', 0x0) lchown(&(0x7f00000005c0)='./file1\x00', r5, 0x0) quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0xee00, 0x0) syz_io_uring_setup(0x2f79, &(0x7f0000000180)={0x0, 0x7b8a, 0x80, 0x2, 0x315, 0x0, r4}, &(0x7f0000000240), 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) accept4$rose(r3, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts. [ 80.029776][ T5775] cgroup: Unknown subsys name 'net' [ 80.167479][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.844030][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.632187][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.640889][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.650822][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.659643][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.681740][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.711237][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.720924][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.721172][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.735440][ T5794] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.744833][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.753114][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.755972][ T5798] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 83.767171][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.775138][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.783601][ T5794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.791457][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.799658][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.813824][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.821335][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 83.830993][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.831283][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 83.838681][ T5802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 83.846895][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.878929][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.435288][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 84.465059][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 84.540895][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 84.595337][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.602931][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.611012][ T5786] bridge_slave_0: entered allmulticast mode [ 84.618080][ T5786] bridge_slave_0: entered promiscuous mode [ 84.651247][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 84.661624][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.668890][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.676061][ T5786] bridge_slave_1: entered allmulticast mode [ 84.683646][ T5786] bridge_slave_1: entered promiscuous mode [ 84.781893][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.795631][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.822544][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.831141][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.838468][ T5790] bridge_slave_0: entered allmulticast mode [ 84.845483][ T5790] bridge_slave_0: entered promiscuous mode [ 84.897852][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.905301][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.912964][ T5790] bridge_slave_1: entered allmulticast mode [ 84.920555][ T5790] bridge_slave_1: entered promiscuous mode [ 84.948150][ T5786] team0: Port device team_slave_0 added [ 84.954667][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.962246][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.969467][ T5791] bridge_slave_0: entered allmulticast mode [ 84.976403][ T5791] bridge_slave_0: entered promiscuous mode [ 85.002567][ T5786] team0: Port device team_slave_1 added [ 85.021117][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.029073][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.036277][ T5791] bridge_slave_1: entered allmulticast mode [ 85.044049][ T5791] bridge_slave_1: entered promiscuous mode [ 85.090819][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.097835][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.123860][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.152587][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.165490][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.188501][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.195577][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.221900][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.255532][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.277530][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.284993][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.293674][ T5792] bridge_slave_0: entered allmulticast mode [ 85.301757][ T5792] bridge_slave_0: entered promiscuous mode [ 85.334862][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.356897][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.364506][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.372308][ T5792] bridge_slave_1: entered allmulticast mode [ 85.381147][ T5792] bridge_slave_1: entered promiscuous mode [ 85.424496][ T5790] team0: Port device team_slave_0 added [ 85.448654][ T5786] hsr_slave_0: entered promiscuous mode [ 85.455151][ T5786] hsr_slave_1: entered promiscuous mode [ 85.465133][ T5791] team0: Port device team_slave_0 added [ 85.474838][ T5791] team0: Port device team_slave_1 added [ 85.482783][ T5790] team0: Port device team_slave_1 added [ 85.503848][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.516191][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.593510][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.600567][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.627706][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.668758][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.675763][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.701961][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.713863][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.721304][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.748081][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.783230][ T5792] team0: Port device team_slave_0 added [ 85.792532][ T5792] team0: Port device team_slave_1 added [ 85.799904][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.806866][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.833053][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.849538][ T5798] Bluetooth: hci0: command tx timeout [ 85.905212][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.912307][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.938726][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.943573][ T5798] Bluetooth: hci1: command tx timeout [ 85.949577][ T5793] Bluetooth: hci3: command tx timeout [ 85.955315][ T5802] Bluetooth: hci2: command tx timeout [ 85.994718][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.002085][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.028863][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.044803][ T5791] hsr_slave_0: entered promiscuous mode [ 86.052323][ T5791] hsr_slave_1: entered promiscuous mode [ 86.058761][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.066559][ T5791] Cannot create hsr debugfs directory [ 86.143558][ T5790] hsr_slave_0: entered promiscuous mode [ 86.150117][ T5790] hsr_slave_1: entered promiscuous mode [ 86.156319][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.164773][ T5790] Cannot create hsr debugfs directory [ 86.215461][ T5792] hsr_slave_0: entered promiscuous mode [ 86.222244][ T5792] hsr_slave_1: entered promiscuous mode [ 86.228731][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.236323][ T5792] Cannot create hsr debugfs directory [ 86.564983][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.595449][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.606318][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.616914][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.698136][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.725782][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.736242][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.750010][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.813233][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.830734][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.865485][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.877239][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.955520][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.983834][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.009410][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.022700][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.133734][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.168047][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.210335][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.250939][ T2977] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.258366][ T2977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.272071][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.279358][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.291643][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.305696][ T2977] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.312883][ T2977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.342205][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.349426][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.379815][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.427899][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.456551][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.493650][ T2965] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.500833][ T2965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.537680][ T5786] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.548878][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.583074][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.590354][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.612814][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.666348][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.673552][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.713855][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.721081][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.853275][ T5792] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.871216][ T5792] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.929166][ T5798] Bluetooth: hci0: command tx timeout [ 87.966412][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.008879][ T5798] Bluetooth: hci1: command tx timeout [ 88.014358][ T5798] Bluetooth: hci2: command tx timeout [ 88.020167][ T5802] Bluetooth: hci3: command tx timeout [ 88.054797][ T5790] veth0_vlan: entered promiscuous mode [ 88.076630][ T5790] veth1_vlan: entered promiscuous mode [ 88.180317][ T5790] veth0_macvtap: entered promiscuous mode [ 88.202355][ T5790] veth1_macvtap: entered promiscuous mode [ 88.243624][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.296175][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.314498][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.345927][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.358988][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.367813][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.377452][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.486934][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.499252][ T5786] veth0_vlan: entered promiscuous mode [ 88.544630][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.555677][ T5786] veth1_vlan: entered promiscuous mode [ 88.571964][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.582266][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.640973][ T2115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.673904][ T2115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.713206][ T5786] veth0_macvtap: entered promiscuous mode [ 88.734231][ T5786] veth1_macvtap: entered promiscuous mode [ 88.786341][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.797699][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.810888][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.822070][ T5792] veth0_vlan: entered promiscuous mode [ 88.830356][ T5791] veth0_vlan: entered promiscuous mode [ 88.848168][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.859835][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.874713][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.906573][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.919867][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.929779][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.941031][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.961069][ T5791] veth1_vlan: entered promiscuous mode [ 88.970543][ T5792] veth1_vlan: entered promiscuous mode [ 89.065251][ T5792] veth0_macvtap: entered promiscuous mode [ 89.556741][ T5792] veth1_macvtap: entered promiscuous mode [ 89.567250][ T5860] IPVS: starting estimator thread 0... [ 89.696520][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.715561][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.722924][ T5791] veth0_macvtap: entered promiscuous mode [ 89.728561][ T5883] IPVS: using max 17 ests per chain, 40800 per kthread [ 89.754626][ T5791] veth1_macvtap: entered promiscuous mode [ 89.800609][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.811595][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.821742][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.832815][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.844458][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.860791][ T5879] can0: slcan on ptm0. [ 89.892255][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.904753][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.908647][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.919953][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.933370][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.943996][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.955365][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.994318][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.004566][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.009094][ T5798] Bluetooth: hci0: command tx timeout [ 90.019835][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.028838][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.043561][ T5878] can0 (unregistered): slcan off ptm0. [ 90.092103][ T5802] Bluetooth: hci2: command tx timeout [ 90.094143][ T5793] Bluetooth: hci3: command tx timeout [ 90.097653][ T5798] Bluetooth: hci1: command tx timeout [ 90.162703][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.183051][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.193725][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.206579][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.216874][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.227569][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.239574][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.248058][ T5885] netlink: 'syz.2.5': attribute type 1 has an invalid length. [ 90.335299][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.355406][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.366404][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.377007][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.386927][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.399550][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.415150][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.461261][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.493833][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.502993][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.512456][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.565307][ T5891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6'. [ 90.612707][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.633170][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.633429][ T5860] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.728231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 91.143594][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.149416][ T5860] usb 2-1: Using ep0 maxpacket: 32 [ 91.265281][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.289770][ T5860] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.318121][ T5860] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 91.344977][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.374299][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.388691][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.396881][ T5860] usb 2-1: Product: syz [ 91.404687][ T5860] usb 2-1: Manufacturer: syz [ 91.417937][ T5860] usb 2-1: SerialNumber: syz [ 91.452570][ T5860] usb 2-1: config 0 descriptor?? [ 91.533386][ T5860] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 91.549550][ T2115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.572791][ T2115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.093774][ T5798] Bluetooth: hci0: command tx timeout [ 92.110362][ T5900] syz.3.4[5900]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.168911][ T5793] Bluetooth: hci2: command tx timeout [ 92.174617][ T5798] Bluetooth: hci1: command tx timeout [ 92.176782][ T786] cfg80211: failed to load regulatory.db [ 92.180822][ T5793] Bluetooth: hci3: command tx timeout [ 92.438292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 92.519899][ T5860] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 92.527490][ T5860] gspca_pac7302: probe of 2-1:0.0 failed with error -110 [ 93.499554][ T5901] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2'. [ 93.529105][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 93.537349][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 93.564298][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.572985][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.608919][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 93.617163][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 93.738723][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.770129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.034696][ T5911] nbd2: detected capacity change from 0 to 63 [ 97.050313][ T5912] netlink: 'syz.2.8': attribute type 1 has an invalid length. [ 97.081338][ T5912] netlink: 'syz.2.8': attribute type 2 has an invalid length. [ 97.255167][ T5880] usb 2-1: USB disconnect, device number 2 [ 98.238328][ T5798] block nbd2: Receive control failed (result -104) [ 98.619769][ T5917] ALSA: mixer_oss: invalid OSS volume '' [ 99.129650][ T5941] ALSA: mixer_oss: invalid OSS volume '' [ 99.586716][ T5939] Zero length message leads to an empty skb [ 100.016303][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.026636][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.035703][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.044694][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.059282][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.068923][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.077823][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.086819][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.096208][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.109938][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.18'. [ 100.138405][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 100.348645][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 100.367463][ T9] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 100.387177][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 100.410179][ T9] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 100.420232][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.440605][ T9] usb 3-1: config 0 descriptor?? [ 100.463851][ T9] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 101.114098][ T5963] 9pnet_fd: Insufficient options for proto=fd [ 101.912021][ T5965] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 102.170103][ T5972] ALSA: mixer_oss: invalid OSS volume '' [ 102.260431][ T5969] nbd3: detected capacity change from 0 to 63 [ 102.646324][ T5969] netlink: 'syz.3.22': attribute type 1 has an invalid length. [ 102.656318][ T5969] netlink: 'syz.3.22': attribute type 2 has an invalid length. [ 102.681950][ T5793] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 102.690607][ T5793] Bluetooth: hci0: Injecting HCI hardware error event [ 102.712356][ T5802] Bluetooth: hci0: hardware error 0x00 [ 102.944029][ T5798] block nbd3: Receive control failed (result -104) [ 103.541434][ T5798] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 103.552181][ T5798] Bluetooth: hci1: Injecting HCI hardware error event [ 103.560890][ T5798] Bluetooth: hci1: hardware error 0x00 [ 103.578784][ T5863] usb 3-1: USB disconnect, device number 2 [ 104.623755][ T5992] ALSA: mixer_oss: invalid OSS volume '' [ 104.745297][ T5802] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 105.331224][ T5999] __nla_validate_parse: 48 callbacks suppressed [ 105.331241][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 105.505371][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 105.543308][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 105.679161][ T6007] netlink: 72 bytes leftover after parsing attributes in process `syz.2.31'. [ 105.689469][ T6007] 9pnet_fd: Insufficient options for proto=fd [ 105.868445][ T5798] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 106.183691][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.205010][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.224489][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.234059][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.243182][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.252631][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.768319][ T5863] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 106.948352][ T6013] ALSA: mixer_oss: invalid OSS volume '' [ 106.979284][ T5863] usb 3-1: Using ep0 maxpacket: 16 [ 107.001883][ T5863] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 107.138579][ T5863] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 107.178537][ T5863] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 107.254143][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.269403][ T5863] usb 3-1: config 0 descriptor?? [ 107.278643][ T5863] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 107.579558][ T6017] nbd1: detected capacity change from 0 to 63 [ 107.711796][ T6017] netlink: 'syz.1.36': attribute type 1 has an invalid length. [ 107.721121][ T6017] netlink: 'syz.1.36': attribute type 2 has an invalid length. [ 108.122587][ T5798] block nbd1: Receive control failed (result -104) [ 108.649090][ T5798] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 108.657876][ T5798] Bluetooth: hci3: Injecting HCI hardware error event [ 108.666761][ T5802] Bluetooth: hci3: hardware error 0x00 [ 109.136210][ T6027] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 109.427520][ T6033] ALSA: mixer_oss: invalid OSS volume '' [ 110.728298][ T5802] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 110.918841][ T6044] __nla_validate_parse: 48 callbacks suppressed [ 110.918878][ T6044] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'. [ 110.934086][ T6044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.43'. [ 110.950520][ T6044] netlink: 72 bytes leftover after parsing attributes in process `syz.1.43'. [ 110.962557][ T6044] 9pnet_fd: Insufficient options for proto=fd [ 111.049164][ T5802] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 111.057976][ T5802] Bluetooth: hci2: Injecting HCI hardware error event [ 111.067230][ T5798] Bluetooth: hci2: hardware error 0x00 [ 112.173220][ T5860] usb 3-1: USB disconnect, device number 3 [ 112.383117][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.413157][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.428327][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.449628][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.458624][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.467449][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.476530][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.45'. [ 112.846035][ T6059] ALSA: mixer_oss: invalid OSS volume '' [ 113.353313][ T6060] netlink: 'syz.0.48': attribute type 1 has an invalid length. [ 113.363575][ T6058] nbd0: detected capacity change from 0 to 63 [ 113.371357][ T6060] netlink: 'syz.0.48': attribute type 2 has an invalid length. [ 113.400827][ T5802] block nbd0: Receive control failed (result -104) [ 113.638259][ T5798] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 115.226319][ T6075] ALSA: mixer_oss: invalid OSS volume '' [ 116.218290][ T5889] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.158284][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 117.258860][ T5889] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 117.270509][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 117.291197][ T5889] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 117.301885][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.373524][ T5889] usb 3-1: config 0 descriptor?? [ 117.374757][ T6096] ALSA: mixer_oss: invalid OSS volume '' [ 117.436128][ T5889] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 119.109056][ T6106] __nla_validate_parse: 48 callbacks suppressed [ 119.109070][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.133038][ T787] usb 3-1: USB disconnect, device number 4 [ 119.162268][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.171884][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.194662][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.207476][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.218878][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.234472][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.244878][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.254963][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 119.263994][ T6106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 121.838336][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 122.038341][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 122.078861][ T9] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 122.118844][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 122.187250][ T9] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 122.196994][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.211437][ T9] usb 3-1: config 0 descriptor?? [ 122.239568][ T9] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 123.504516][ T6146] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 124.572916][ T6154] __nla_validate_parse: 45 callbacks suppressed [ 124.573045][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.590570][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.620604][ T9] usb 3-1: USB disconnect, device number 5 [ 124.639422][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.651963][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.663177][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.672950][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.684908][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.696996][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.707288][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 124.716730][ T6154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.75'. [ 125.089488][ T6157] ALSA: mixer_oss: invalid OSS volume '' [ 127.523585][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 30 seconds [ 127.545025][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 30 seconds [ 127.761025][ T6181] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 128.938314][ T6191] ALSA: mixer_oss: invalid OSS volume '' [ 130.059000][ T6201] ALSA: mixer_oss: invalid OSS volume '' [ 133.207352][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.588228][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.588273][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 30 seconds [ 133.821180][ T6215] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 134.433678][ T6221] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 134.785349][ T6226] ALSA: mixer_oss: invalid OSS volume '' [ 136.467695][ T6236] __nla_validate_parse: 45 callbacks suppressed [ 136.467732][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.484896][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.494140][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.507129][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.517898][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.528544][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.549113][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.559976][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.577482][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.593260][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.97'. [ 136.611856][ T6241] nbd: nbd2 already in use [ 136.640782][ T6241] netlink: 'syz.2.100': attribute type 1 has an invalid length. [ 136.662572][ T6241] netlink: 'syz.2.100': attribute type 2 has an invalid length. [ 136.957431][ T6245] 9pnet_fd: Insufficient options for proto=fd [ 138.168552][ T6172] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 30 seconds [ 138.193567][ T6172] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 30 seconds [ 138.242522][ T6172] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 30 seconds [ 138.290857][ T6172] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 30 seconds [ 140.807957][ T6269] ALSA: mixer_oss: invalid OSS volume '' [ 142.326101][ T6281] __nla_validate_parse: 48 callbacks suppressed [ 142.326140][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 142.341787][ T6281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.111'. [ 142.357066][ T6281] netlink: 72 bytes leftover after parsing attributes in process `syz.3.111'. [ 142.369642][ T6281] 9pnet_fd: Insufficient options for proto=fd [ 144.368401][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 30 seconds [ 144.379139][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 30 seconds [ 144.392135][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 30 seconds [ 144.403268][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 30 seconds [ 146.068066][ T6303] netlink: 8 bytes leftover after parsing attributes in process `syz.1.119'. [ 146.437381][ T6309] nbd: nbd0 already in use [ 146.542901][ T6309] netlink: 'syz.0.121': attribute type 1 has an invalid length. [ 146.550991][ T6309] netlink: 'syz.0.121': attribute type 2 has an invalid length. [ 147.105291][ T6314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.122'. [ 147.114444][ T6314] netlink: 12 bytes leftover after parsing attributes in process `syz.2.122'. [ 147.131822][ T6314] netlink: 72 bytes leftover after parsing attributes in process `syz.2.122'. [ 147.144737][ T6314] 9pnet_fd: Insufficient options for proto=fd [ 149.510242][ T6327] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 150.815617][ T6337] ALSA: mixer_oss: invalid OSS volume '' [ 153.321979][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.337133][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.404293][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.414727][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.423798][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.432809][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.442987][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.462022][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.497210][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 153.510138][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.137'. [ 154.178670][ T6374] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 155.238504][ T787] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 155.728488][ T787] usb 4-1: Using ep0 maxpacket: 16 [ 156.100102][ T787] usb 4-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 156.147055][ T787] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 156.210993][ T787] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 156.286070][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.325266][ T787] usb 4-1: config 0 descriptor?? [ 156.342321][ T787] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 157.853430][ T6391] 9pnet_fd: Insufficient options for proto=fd [ 157.980724][ T6397] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 158.019144][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 60 seconds [ 158.030399][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 60 seconds [ 159.942064][ T23] usb 4-1: USB disconnect, device number 2 [ 160.086872][ T6418] __nla_validate_parse: 49 callbacks suppressed [ 160.087332][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.127185][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.136906][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.146356][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.156153][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.165420][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.559860][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.729346][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.766424][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.777686][ T6418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 162.096338][ T6440] 9pnet_fd: Insufficient options for proto=fd [ 163.768435][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 60 seconds [ 165.475708][ T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 165.810547][ T6457] ALSA: mixer_oss: invalid OSS volume '' [ 165.942104][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 165.974530][ T8] usb 2-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 166.055857][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 166.505701][ T8] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 166.531468][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.547311][ T6472] __nla_validate_parse: 48 callbacks suppressed [ 166.547325][ T6472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.172'. [ 166.603282][ T8] usb 2-1: config 0 descriptor?? [ 166.618743][ T8] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 168.727672][ T6483] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 168.789203][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 60 seconds [ 168.801220][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 60 seconds [ 168.813454][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 60 seconds [ 168.824788][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 60 seconds [ 169.099685][ T6490] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 169.293072][ T787] usb 2-1: USB disconnect, device number 3 [ 169.919441][ T6497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'. [ 169.928898][ T6497] netlink: 12 bytes leftover after parsing attributes in process `syz.0.178'. [ 170.173071][ T6497] netlink: 72 bytes leftover after parsing attributes in process `syz.0.178'. [ 170.288657][ T6497] 9pnet_fd: Insufficient options for proto=fd [ 171.098854][ T6502] ALSA: mixer_oss: invalid OSS volume '' [ 173.554654][ T6517] netlink: 'syz.3.184': attribute type 1 has an invalid length. [ 173.563878][ T6517] netlink: 'syz.3.184': attribute type 2 has an invalid length. [ 173.808326][ T5839] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 173.982667][ T6535] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 174.108329][ T5839] usb 3-1: Using ep0 maxpacket: 16 [ 174.116620][ T5839] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 174.127940][ T5839] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 174.141929][ T5839] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 174.151827][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.181761][ T5839] usb 3-1: config 0 descriptor?? [ 174.200782][ T5839] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 174.660820][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 60 seconds [ 174.672087][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 60 seconds [ 174.683030][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 60 seconds [ 174.693950][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 60 seconds [ 174.915651][ T6545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.190'. [ 175.056261][ T6550] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 176.306336][ T6555] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 177.543826][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.1.197'. [ 177.552821][ T6563] netlink: 12 bytes leftover after parsing attributes in process `syz.1.197'. [ 177.563672][ T6563] netlink: 72 bytes leftover after parsing attributes in process `syz.1.197'. [ 177.573573][ T6563] 9pnet_fd: Insufficient options for proto=fd [ 177.780450][ T5860] usb 3-1: USB disconnect, device number 6 [ 178.717398][ T6573] nbd: nbd2 already in use [ 178.763818][ T6573] netlink: 'syz.2.199': attribute type 1 has an invalid length. [ 178.776069][ T6573] netlink: 'syz.2.199': attribute type 2 has an invalid length. [ 179.161842][ T6582] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 181.224130][ T6598] netlink: 8 bytes leftover after parsing attributes in process `syz.0.206'. [ 181.233045][ T6598] netlink: 12 bytes leftover after parsing attributes in process `syz.0.206'. [ 181.243838][ T6598] netlink: 72 bytes leftover after parsing attributes in process `syz.0.206'. [ 181.253881][ T6598] 9pnet_fd: Insufficient options for proto=fd [ 182.745150][ T6618] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 183.165368][ T6617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.210'. [ 183.260768][ T6624] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 186.534691][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.216'. [ 186.544267][ T6637] netlink: 12 bytes leftover after parsing attributes in process `syz.1.216'. [ 186.554867][ T6637] netlink: 72 bytes leftover after parsing attributes in process `syz.1.216'. [ 186.564522][ T6637] 9pnet_fd: Insufficient options for proto=fd [ 187.578544][ T6648] nbd: nbd1 already in use [ 187.601831][ T6641] netlink: 'syz.1.218': attribute type 1 has an invalid length. [ 187.623893][ T6641] netlink: 'syz.1.218': attribute type 2 has an invalid length. [ 188.118455][ T6652] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 188.772079][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 90 seconds [ 188.782835][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 90 seconds [ 190.329942][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 190.530617][ T8] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 190.574385][ T8] usb 4-1: config 0 interface 0 has no altsetting 0 [ 190.599739][ T8] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 190.616999][ T8] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 190.632618][ T8] usb 4-1: Product: syz [ 190.638743][ T8] usb 4-1: Manufacturer: syz [ 190.645877][ T8] usb 4-1: SerialNumber: syz [ 190.690307][ T8] usb 4-1: config 0 descriptor?? [ 190.779840][ T8] usb 4-1: selecting invalid altsetting 0 [ 191.116577][ T6678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.227'. [ 191.125532][ T6678] netlink: 12 bytes leftover after parsing attributes in process `syz.1.227'. [ 191.136496][ T6678] netlink: 72 bytes leftover after parsing attributes in process `syz.1.227'. [ 191.146595][ T6678] 9pnet_fd: Insufficient options for proto=fd [ 192.120344][ T6666] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 193.287175][ T5846] usb 4-1: USB disconnect, device number 3 [ 193.387054][ T6702] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 193.872959][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 90 seconds [ 194.189313][ T6700] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'. [ 194.499764][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.506142][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.016780][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 90 seconds [ 199.027568][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 90 seconds [ 199.042787][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 90 seconds [ 199.054181][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 90 seconds [ 199.794741][ T6750] overlayfs: failed to resolve './file0': -2 [ 203.506240][ T6776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'. [ 204.888375][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 90 seconds [ 204.899096][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 90 seconds [ 204.910100][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 90 seconds [ 204.921063][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 90 seconds [ 209.756864][ T6824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.257'. [ 209.765820][ T6824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.257'. [ 209.776568][ T6824] netlink: 72 bytes leftover after parsing attributes in process `syz.1.257'. [ 209.793622][ T6824] 9pnet_fd: Insufficient options for proto=fd [ 214.275915][ T6855] netlink: 8 bytes leftover after parsing attributes in process `syz.1.265'. [ 214.684071][ T6860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'. [ 214.692946][ T6860] netlink: 12 bytes leftover after parsing attributes in process `syz.3.268'. [ 214.704382][ T6860] netlink: 72 bytes leftover after parsing attributes in process `syz.3.268'. [ 214.714128][ T6860] 9pnet_fd: Insufficient options for proto=fd [ 219.432812][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 120 seconds [ 219.444162][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 120 seconds [ 220.837807][ T6903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'. [ 220.846776][ T6903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.278'. [ 220.858767][ T6903] netlink: 72 bytes leftover after parsing attributes in process `syz.2.278'. [ 220.869644][ T6903] 9pnet_fd: Insufficient options for proto=fd [ 224.628283][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 120 seconds [ 224.645401][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.282'. [ 228.129132][ T6954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.290'. [ 228.137963][ T6954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.290'. [ 228.148679][ T6954] netlink: 72 bytes leftover after parsing attributes in process `syz.3.290'. [ 228.159247][ T6954] 9pnet_fd: Insufficient options for proto=fd [ 229.053925][ T6961] nbd: nbd0 already in use [ 229.063693][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 120 seconds [ 229.074957][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 120 seconds [ 229.086432][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 120 seconds [ 229.097646][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 120 seconds [ 229.119302][ T6961] netlink: 'syz.0.293': attribute type 1 has an invalid length. [ 229.126982][ T6961] netlink: 'syz.0.293': attribute type 2 has an invalid length. [ 233.230695][ T6990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.301'. [ 233.414422][ T6993] nbd: nbd0 already in use [ 233.684831][ T6993] netlink: 'syz.0.302': attribute type 1 has an invalid length. [ 233.898211][ T6993] netlink: 'syz.0.302': attribute type 2 has an invalid length. [ 235.304031][ T7007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.304'. [ 235.314102][ T7007] netlink: 4 bytes leftover after parsing attributes in process `syz.0.304'. [ 235.323192][ T7007] netlink: 'syz.0.304': attribute type 14 has an invalid length. [ 235.818457][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 120 seconds [ 235.829274][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 120 seconds [ 235.840543][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 120 seconds [ 235.851837][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 120 seconds [ 238.704235][ T7025] nbd: nbd2 already in use [ 238.729870][ T7025] netlink: 'syz.2.312': attribute type 1 has an invalid length. [ 238.740867][ T7025] netlink: 'syz.2.312': attribute type 2 has an invalid length. [ 242.781330][ T7053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.320'. [ 244.244331][ T7070] smc: net device ip6tnl0 applied user defined pnetid SYZ2 [ 244.859330][ T5846] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 245.149051][ T5846] usb 3-1: Using ep0 maxpacket: 16 [ 245.327357][ T5846] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 245.492966][ T5846] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 245.669565][ T5846] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 245.692559][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.716919][ T5846] usb 3-1: config 0 descriptor?? [ 246.257778][ T5846] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 247.730931][ T5860] usb 3-1: USB disconnect, device number 7 [ 249.530691][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 150 seconds [ 249.541662][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 150 seconds [ 250.359365][ T7131] netlink: 8 bytes leftover after parsing attributes in process `syz.1.341'. [ 251.228240][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 251.418264][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 251.430791][ T23] usb 1-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 251.443157][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 251.461199][ T23] usb 1-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 251.474377][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.527559][ T23] usb 1-1: config 0 descriptor?? [ 251.555590][ T23] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 253.060443][ T7153] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 255.679178][ T6172] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 150 seconds [ 255.934138][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.951100][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.001401][ T787] usb 1-1: USB disconnect, device number 2 [ 257.233498][ T7176] netlink: 12 bytes leftover after parsing attributes in process `syz.1.349'. [ 257.500326][ T7169] use of bytesused == 0 is deprecated and will be removed in the future, [ 257.542383][ T7169] use the actual size instead. [ 257.713759][ T7187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.355'. [ 259.128866][ T6172] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 150 seconds [ 259.139696][ T6172] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 150 seconds [ 259.151309][ T6172] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 150 seconds [ 259.162390][ T6172] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 150 seconds [ 262.542899][ T7225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.367'. [ 263.415210][ T787] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 264.058239][ T787] usb 2-1: Using ep0 maxpacket: 32 [ 264.087524][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 264.122504][ T787] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 264.142100][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.168283][ T787] usb 2-1: Product: syz [ 264.172561][ T787] usb 2-1: Manufacturer: syz [ 264.207752][ T787] usb 2-1: SerialNumber: syz [ 264.226913][ T787] usb 2-1: config 0 descriptor?? [ 264.242738][ T787] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 265.141749][ T787] gspca_pac7302: reg_w() failed i: ff v: 01 error -110 [ 265.158349][ T787] gspca_pac7302: probe of 2-1:0.0 failed with error -110 [ 266.195273][ T7247] netlink: 44 bytes leftover after parsing attributes in process `syz.1.368'. [ 266.288247][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 150 seconds [ 266.316049][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 150 seconds [ 266.353047][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 150 seconds [ 266.390328][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 150 seconds [ 267.246790][ T7249] overlayfs: missing 'lowerdir' [ 269.084539][ T5889] usb 2-1: USB disconnect, device number 4 [ 271.019011][ T787] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 271.218427][ T787] usb 2-1: Using ep0 maxpacket: 16 [ 271.313629][ T7284] overlayfs: missing 'lowerdir' [ 271.330122][ T787] usb 2-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 271.361688][ T787] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 271.428353][ T787] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 271.541339][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.579376][ T787] usb 2-1: config 0 descriptor?? [ 271.603167][ T787] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 272.890389][ T7301] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 276.191954][ T5860] usb 2-1: USB disconnect, device number 5 [ 277.607767][ T7317] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 278.372918][ T7321] overlayfs: missing 'workdir' [ 278.374947][ T7319] nbd: nbd2 already in use [ 278.461757][ T7319] netlink: 'syz.2.394': attribute type 1 has an invalid length. [ 278.474401][ T7319] netlink: 'syz.2.394': attribute type 2 has an invalid length. [ 279.634102][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 180 seconds [ 279.644978][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 180 seconds [ 280.050137][ T5860] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 280.188231][ T5889] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 280.238259][ T5860] usb 1-1: Using ep0 maxpacket: 16 [ 280.247264][ T5860] usb 1-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 280.271501][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 280.289438][ T5860] usb 1-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 280.303111][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.332881][ T5860] usb 1-1: config 0 descriptor?? [ 280.352013][ T5860] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 280.558212][ T5889] usb 2-1: Using ep0 maxpacket: 8 [ 280.569827][ T5889] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.586953][ T5889] usb 2-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 280.596776][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.632530][ T5889] usb 2-1: config 0 descriptor?? [ 280.663146][ T5889] usb 2-1: Found UVC 0.00 device (2801:0201) [ 280.693607][ T5889] usb 2-1: No valid video chain found. [ 281.044520][ T7334] netlink: 'syz.1.398': attribute type 2 has an invalid length. [ 281.068025][ T23] usb 2-1: USB disconnect, device number 6 [ 282.004718][ T7352] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 284.710832][ T5846] usb 1-1: USB disconnect, device number 3 [ 284.863703][ T7360] overlayfs: missing 'workdir' [ 286.008765][ T6172] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 180 seconds [ 286.777352][ T7376] netlink: 'syz.2.408': attribute type 4 has an invalid length. [ 286.885596][ T7376] netlink: 17 bytes leftover after parsing attributes in process `syz.2.408'. [ 287.487426][ T7388] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 287.965130][ T7394] overlayfs: missing 'workdir' [ 289.384100][ T6172] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 180 seconds [ 289.397892][ T6172] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 180 seconds [ 289.409730][ T6172] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 180 seconds [ 289.426244][ T6172] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 180 seconds [ 291.605987][ T7414] syz_tun: entered allmulticast mode [ 292.128473][ T7423] netlink: 72 bytes leftover after parsing attributes in process `syz.3.425'. [ 292.159894][ T7423] 9pnet_fd: Insufficient options for proto=fd [ 293.110658][ T7416] netlink: 24 bytes leftover after parsing attributes in process `syz.0.423'. [ 294.442854][ T7432] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 294.655640][ T7412] syz_tun: left allmulticast mode [ 297.141832][ T6172] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 180 seconds [ 297.154990][ T6172] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 180 seconds [ 297.169698][ T6172] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 180 seconds [ 297.236522][ T6172] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 180 seconds [ 297.573642][ T7462] netlink: 72 bytes leftover after parsing attributes in process `syz.3.435'. [ 297.589367][ T7462] 9pnet_fd: Insufficient options for proto=fd [ 298.350914][ T7459] mmap: syz.2.431 (7459) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 301.018573][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 301.254664][ T7502] netlink: 72 bytes leftover after parsing attributes in process `syz.2.446'. [ 301.269901][ T7502] 9pnet_fd: Insufficient options for proto=fd [ 301.990050][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 302.050919][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 302.098529][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 302.420625][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 302.531319][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 302.566235][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 302.604525][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 302.625621][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.659175][ T9] usb 4-1: config 0 descriptor?? [ 302.665972][ T7490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 303.181554][ T7515] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 303.410868][ T7490] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 304.198906][ T5860] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 304.562707][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.616998][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.681575][ T5860] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 304.729912][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.756541][ T5860] usb 2-1: config 0 descriptor?? [ 304.808645][ T5798] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 304.994153][ T5860] usbhid 2-1:0.0: can't add hid device: -71 [ 305.025980][ T5860] usbhid: probe of 2-1:0.0 failed with error -71 [ 305.064176][ T5860] usb 2-1: USB disconnect, device number 7 [ 305.145891][ T7541] netlink: 72 bytes leftover after parsing attributes in process `syz.2.457'. [ 305.161628][ T7541] 9pnet_fd: Insufficient options for proto=fd [ 307.388971][ T7553] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 308.356581][ T8] usb 4-1: USB disconnect, device number 4 [ 309.721447][ T24] block nbd2: Possible stuck request ffff888021a00000: control (read@0,1024B). Runtime 210 seconds [ 309.734253][ T24] block nbd2: Possible stuck request ffff888021a18000: control (read@1024,3072B). Runtime 210 seconds [ 311.364304][ T7586] netlink: 72 bytes leftover after parsing attributes in process `syz.3.466'. [ 311.375707][ T7586] 9pnet_fd: Insufficient options for proto=fd [ 313.174164][ T7602] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 313.987126][ T7606] block nbd2: NBD_DISCONNECT [ 313.993897][ T7606] block nbd2: Send disconnect failed -32 [ 314.004832][ T7606] block nbd2: shutting down sockets [ 314.104366][ C0] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 314.113933][ C0] Buffer I/O error on dev nbd2, logical block 0, async page read [ 314.126776][ C0] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2 [ 314.135957][ C0] Buffer I/O error on dev nbd2, logical block 1, async page read [ 314.143784][ C0] Buffer I/O error on dev nbd2, logical block 2, async page read [ 314.151606][ C0] Buffer I/O error on dev nbd2, logical block 3, async page read [ 314.181567][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.191828][ T6172] Buffer I/O error on dev nbd2, logical block 0, async page read [ 314.201875][ T6172] Buffer I/O error on dev nbd2, logical block 1, async page read [ 314.209753][ T6172] Buffer I/O error on dev nbd2, logical block 2, async page read [ 314.217661][ T6172] Buffer I/O error on dev nbd2, logical block 3, async page read [ 314.243218][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.252719][ T6172] Buffer I/O error on dev nbd2, logical block 0, async page read [ 314.260763][ T6172] Buffer I/O error on dev nbd2, logical block 1, async page read [ 314.268946][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.279343][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.288853][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.301969][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.315678][ T6172] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.325665][ T5910] ldm_validate_partition_table(): Disk read failed. [ 314.336319][ T1058] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 314.370356][ T5910] Dev nbd2: unable to read RDB block 0 [ 314.396295][ T5910] nbd2: unable to read partition table [ 315.015176][ T5910] ldm_validate_partition_table(): Disk read failed. [ 315.040724][ T5910] Dev nbd2: unable to read RDB block 0 [ 315.102816][ T5910] nbd2: unable to read partition table [ 315.278508][ T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 315.538741][ T787] usb 2-1: Using ep0 maxpacket: 32 [ 315.558398][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.579694][ T787] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 315.588964][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.598016][ T787] usb 2-1: Product: syz [ 315.603168][ T787] usb 2-1: Manufacturer: syz [ 315.609122][ T787] usb 2-1: SerialNumber: syz [ 315.690307][ T787] usb 2-1: config 0 descriptor?? [ 315.699546][ T787] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 316.211881][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 210 seconds [ 316.992963][ T7631] netlink: 60 bytes leftover after parsing attributes in process `syz.1.473'. [ 317.184963][ T787] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 318.164103][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.172413][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.329072][ T787] gspca_pac7302: probe of 2-1:0.0 failed with error -110 [ 319.139040][ T5158] udevd[5158]: worker [5926] /devices/virtual/block/nbd3 timeout; kill it [ 319.246550][ T5158] udevd[5158]: seq 10675 '/devices/virtual/block/nbd3' killed [ 319.303740][ T5158] udevd[5158]: worker [6001] /devices/virtual/block/nbd1 timeout; kill it [ 319.373618][ T5158] udevd[5158]: seq 10709 '/devices/virtual/block/nbd1' killed [ 319.445814][ T5158] udevd[5158]: worker [5913] /devices/virtual/block/nbd0 timeout; kill it [ 319.555687][ T5158] udevd[5158]: seq 10735 '/devices/virtual/block/nbd0' killed [ 320.171801][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 210 seconds [ 320.198524][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 210 seconds [ 320.210607][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 210 seconds [ 320.231679][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 210 seconds [ 320.668809][ T5846] usb 2-1: USB disconnect, device number 8 [ 320.711045][ T7638] syz_tun: entered allmulticast mode [ 321.045820][ T7633] syz_tun: left allmulticast mode [ 321.687837][ T7649] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 324.240438][ T7676] capability: warning: `syz.2.488' uses deprecated v2 capabilities in a way that may be insecure [ 324.282649][ T27] audit: type=1800 audit(1760100456.642:2): pid=7675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.489" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 327.695582][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 210 seconds [ 327.725769][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 210 seconds [ 327.768820][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 210 seconds [ 327.855967][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 210 seconds [ 329.608213][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 329.918257][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 329.925006][ T8] usb 4-1: config 9 has an invalid interface number: 144 but max is 0 [ 329.935771][ T8] usb 4-1: config 9 has no interface number 0 [ 330.279208][ T8] usb 4-1: config 9 interface 144 has no altsetting 0 [ 330.336155][ T8] usb 4-1: New USB device found, idVendor=045e, idProduct=0927, bcdDevice=4b.68 [ 330.646824][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.859054][ T8] usb 4-1: Product: syz [ 330.877313][ T8] usb 4-1: Manufacturer: syz [ 330.899939][ T8] usb 4-1: SerialNumber: syz [ 331.292711][ T7750] overlayfs: missing 'workdir' [ 332.215155][ T8] r8152 4-1:9.144: Expected endpoints are not found [ 332.226304][ T8] r8152-cfgselector 4-1: Unknown version 0x0000 [ 332.235239][ T8] r8152-cfgselector 4-1: USB disconnect, device number 5 [ 332.892549][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.509'. [ 335.126330][ T7782] overlayfs: missing 'lowerdir' [ 336.537892][ T7775] nbd: nbd3 already in use [ 336.566167][ T7775] netlink: 'syz.3.514': attribute type 1 has an invalid length. [ 336.575161][ T7775] netlink: 'syz.3.514': attribute type 2 has an invalid length. [ 336.778527][ T787] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 336.989908][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.098949][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.154312][ T787] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 337.184222][ T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.219821][ T787] usb 3-1: config 0 descriptor?? [ 337.624194][ T7796] netlink: 72 bytes leftover after parsing attributes in process `syz.0.521'. [ 337.639820][ T7796] 9pnet_fd: Insufficient options for proto=fd [ 338.496614][ T787] konepure 0003:1E7D:2DBE.0001: unknown main item tag 0x1 [ 338.506101][ T787] konepure 0003:1E7D:2DBE.0001: unknown main item tag 0x2 [ 338.546632][ T787] konepure 0003:1E7D:2DBE.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0 [ 338.927025][ T28] usb 3-1: USB disconnect, device number 8 [ 340.298996][ T7819] overlayfs: missing 'lowerdir' [ 341.866500][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.3.527'. [ 342.920274][ T7834] netlink: 17279 bytes leftover after parsing attributes in process `syz.2.530'. [ 344.977242][ T7850] overlayfs: missing 'lowerdir' [ 346.809634][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 240 seconds [ 350.750427][ T7891] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 350.752596][ T7891] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 350.755748][ T7891] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 351.810703][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 240 seconds [ 351.821878][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 240 seconds [ 351.833320][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 240 seconds [ 351.844550][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 240 seconds [ 358.351803][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 240 seconds [ 358.362909][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 240 seconds [ 358.374431][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 240 seconds [ 358.385551][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 240 seconds [ 358.445882][ T7941] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 358.455130][ T7941] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 358.467064][ T7941] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 362.397444][ T7971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.564'. [ 362.686898][ T7973] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 362.696003][ T7973] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 362.707833][ T7973] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 364.897078][ T7991] syz_tun: entered allmulticast mode [ 365.362812][ T7989] syz_tun: left allmulticast mode [ 369.210740][ T23] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 369.291240][ T787] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 369.428452][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 369.437422][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 369.452300][ T23] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 369.464465][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.478100][ T23] usb 4-1: Product: syz [ 369.482310][ T23] usb 4-1: Manufacturer: syz [ 369.486998][ T23] usb 4-1: SerialNumber: syz [ 369.491764][ T787] usb 1-1: Using ep0 maxpacket: 32 [ 369.501560][ T23] usb 4-1: config 0 descriptor?? [ 369.508176][ T787] usb 1-1: config 0 has an invalid interface number: 78 but max is 0 [ 369.518172][ T23] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 369.524911][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 369.536898][ T787] usb 1-1: config 0 has no interface number 0 [ 369.543120][ T787] usb 1-1: config 0 interface 78 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 369.556294][ T787] usb 1-1: config 0 interface 78 has no altsetting 0 [ 369.566861][ T787] usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9b.26 [ 369.576059][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.584163][ T787] usb 1-1: Product: syz [ 369.588444][ T787] usb 1-1: Manufacturer: syz [ 369.593091][ T787] usb 1-1: SerialNumber: syz [ 369.604298][ T787] usb 1-1: config 0 descriptor?? [ 369.615225][ T787] (null): radio-mr800 - initialization failed [ 369.621864][ T787] radio-mr800: probe of 1-1:0.78 failed with error -22 [ 369.629287][ T787] usbhid 1-1:0.78: couldn't find an input interrupt endpoint [ 369.688258][ T6184] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 369.837410][ T8] usb 1-1: USB disconnect, device number 4 [ 369.878586][ T6184] usb 3-1: Using ep0 maxpacket: 16 [ 369.886813][ T6184] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 369.898034][ T6184] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 369.911351][ T6184] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 369.920562][ T6184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.931536][ T6184] usb 3-1: config 0 descriptor?? [ 369.996309][ T6184] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 370.016313][ T8036] netlink: 44 bytes leftover after parsing attributes in process `syz.3.577'. [ 370.221910][ T23] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 370.296943][ T23] gspca_pac7302: probe of 4-1:0.0 failed with error -110 [ 371.792899][ T8042] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 374.666998][ T9] usb 4-1: USB disconnect, device number 6 [ 375.914410][ T28] usb 3-1: USB disconnect, device number 9 [ 376.899439][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 270 seconds [ 377.292689][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 377.779750][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 377.793475][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 377.804955][ T9] usb 3-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 377.814361][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.835385][ T9] usb 3-1: config 0 descriptor?? [ 377.860539][ T9] usb 3-1: Found UVC 0.00 device (2801:0201) [ 377.867488][ T9] usb 3-1: No valid video chain found. [ 378.074368][ T787] usb 3-1: USB disconnect, device number 10 [ 378.829052][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.835427][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.779179][ T8092] syz_tun: entered allmulticast mode [ 381.030225][ C1] mroute: pending queue full, dropping entries [ 381.094368][ T8087] syz_tun: left allmulticast mode [ 381.930743][ T5860] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 381.942883][ T8107] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 382.009530][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 270 seconds [ 382.126257][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 270 seconds [ 382.138346][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 270 seconds [ 382.149450][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 270 seconds [ 382.258831][ T5860] usb 2-1: Using ep0 maxpacket: 32 [ 382.270479][ T5860] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.283556][ T5860] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 382.292975][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.313113][ T5860] usb 2-1: Product: syz [ 382.322369][ T5860] usb 2-1: Manufacturer: syz [ 382.709338][ T5860] usb 2-1: SerialNumber: syz [ 382.818723][ T5860] usb 2-1: config 0 descriptor?? [ 382.853732][ T5860] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 383.247464][ T8128] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 383.419378][ T8129] netlink: 44 bytes leftover after parsing attributes in process `syz.1.592'. [ 383.628581][ T5860] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 384.448578][ T5860] gspca_pac7302: probe of 2-1:0.0 failed with error -110 [ 384.815122][ T23] usb 2-1: USB disconnect, device number 9 [ 386.620576][ T8155] overlayfs: failed to decode file handle (len=6, type=196859, flags=0, err=-22) [ 387.179192][ T8156] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 388.697856][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 270 seconds [ 388.712530][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 270 seconds [ 388.725058][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 270 seconds [ 388.736162][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 270 seconds [ 390.531361][ T8192] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 390.708169][ T787] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 390.928349][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 390.946291][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 390.972295][ T787] usb 2-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 391.002408][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.028492][ T787] usb 2-1: config 0 descriptor?? [ 391.052048][ T787] usb 2-1: Found UVC 0.00 device (2801:0201) [ 391.073064][ T787] usb 2-1: No valid video chain found. [ 391.788558][ T23] usb 2-1: USB disconnect, device number 10 [ 396.588362][ T6184] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 396.828653][ T6184] usb 3-1: Using ep0 maxpacket: 8 [ 396.910327][ T6184] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 396.920837][ T6184] usb 3-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 396.930462][ T6184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.967380][ T6184] usb 3-1: config 0 descriptor?? [ 396.981281][ T6184] usb 3-1: Found UVC 0.00 device (2801:0201) [ 396.994637][ T6184] usb 3-1: No valid video chain found. [ 397.327137][ T8256] netlink: 'syz.2.634': attribute type 2 has an invalid length. [ 397.367428][ T5860] usb 3-1: USB disconnect, device number 11 [ 399.500854][ T8293] syz_tun: entered allmulticast mode [ 401.818733][ T5880] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 402.073976][ T8333] netlink: 32 bytes leftover after parsing attributes in process `syz.1.652'. [ 402.093813][ T8333] netlink: 72 bytes leftover after parsing attributes in process `syz.1.652'. [ 402.123714][ T8333] 9pnet_fd: Insufficient options for proto=fd [ 402.398586][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 402.534920][ T5880] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 402.566348][ T5880] usb 1-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 402.576215][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.940973][ T5880] usb 1-1: config 0 descriptor?? [ 403.135182][ T5880] usb 1-1: Found UVC 0.00 device (2801:0201) [ 403.274186][ T5880] usb 1-1: No valid video chain found. [ 403.310057][ T8321] netlink: 'syz.0.651': attribute type 2 has an invalid length. [ 403.373852][ T5880] usb 1-1: USB disconnect, device number 5 [ 406.968823][ T6172] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 300 seconds [ 411.119157][ T8374] netlink: 72 bytes leftover after parsing attributes in process `syz.0.662'. [ 411.129591][ T8374] 9pnet_fd: Insufficient options for proto=fd [ 411.871705][ T8373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.662'. [ 412.729461][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 300 seconds [ 412.740440][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 300 seconds [ 412.752416][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 300 seconds [ 412.763918][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 300 seconds [ 414.167014][ T5846] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 414.508346][ T5846] usb 2-1: Using ep0 maxpacket: 8 [ 414.791635][ T5846] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 414.988996][ T5846] usb 2-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 415.045521][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.128322][ T5860] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 415.287974][ T5846] usb 2-1: config 0 descriptor?? [ 415.419997][ T5846] usb 2-1: Found UVC 0.00 device (2801:0201) [ 415.426960][ T5846] usb 2-1: No valid video chain found. [ 415.461638][ T5860] usb 4-1: Using ep0 maxpacket: 8 [ 415.471694][ T5860] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 415.489834][ T5860] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 415.507460][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 415.525093][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 415.536777][ T5860] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 415.555970][ T5860] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 415.567209][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.603571][ T8392] netlink: 'syz.1.666': attribute type 2 has an invalid length. [ 415.616292][ T28] usb 2-1: USB disconnect, device number 11 [ 415.728126][ T6184] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 415.794925][ T8403] 9pnet_fd: Insufficient options for proto=fd [ 415.803732][ T5860] usb 4-1: GET_CAPABILITIES returned 0 [ 415.809299][ T5860] usbtmc 4-1:16.0: can't read capabilities [ 415.848203][ T5839] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 415.908156][ T6184] usb 1-1: Using ep0 maxpacket: 32 [ 415.915616][ T6184] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 415.929184][ T6184] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 415.938404][ T6184] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.946417][ T6184] usb 1-1: Product: syz [ 415.951033][ T6184] usb 1-1: Manufacturer: syz [ 415.955648][ T6184] usb 1-1: SerialNumber: syz [ 415.962728][ T6184] usb 1-1: config 0 descriptor?? [ 415.974506][ T6184] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 416.018625][ T5860] usb 4-1: USB disconnect, device number 7 [ 416.048277][ T5839] usb 3-1: Using ep0 maxpacket: 16 [ 416.055404][ T5839] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 416.066811][ T5839] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 416.079956][ T5839] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 416.097546][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.108619][ T5839] usb 3-1: config 0 descriptor?? [ 416.118840][ T5839] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 416.688770][ T6184] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 416.696675][ T6184] gspca_pac7302: probe of 1-1:0.0 failed with error -110 [ 416.973878][ T8415] netlink: 44 bytes leftover after parsing attributes in process `syz.0.671'. [ 419.128374][ T6172] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 300 seconds [ 419.139394][ T6172] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 300 seconds [ 419.175435][ T6172] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 300 seconds [ 419.216874][ T6172] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 300 seconds [ 421.360176][ T5880] usb 3-1: USB disconnect, device number 12 [ 421.470915][ T6184] usb 1-1: USB disconnect, device number 6 [ 424.650475][ T8465] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 425.275806][ T8463] geneve2: entered promiscuous mode [ 425.281241][ T8463] geneve2: entered allmulticast mode [ 425.422694][ T5880] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 425.572305][ T8470] netlink: 'syz.0.687': attribute type 2 has an invalid length. [ 425.608135][ T5880] usb 4-1: Using ep0 maxpacket: 16 [ 425.626575][ T5880] usb 4-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 425.637242][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 425.654540][ T5880] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 425.665246][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.681083][ T5880] usb 4-1: config 0 descriptor?? [ 425.702664][ T5880] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 425.728225][ T5860] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 425.918402][ T5860] usb 3-1: Using ep0 maxpacket: 8 [ 425.943021][ T5860] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 425.968173][ T5860] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 425.983214][ T5860] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 426.016886][ T5860] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 426.151972][ T5860] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 426.185629][ T5860] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 426.534132][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.558945][ T5860] usb 3-1: config 0 descriptor?? [ 426.584018][ T8467] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 427.049405][ T8485] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 428.648525][ T5798] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 429.915265][ T787] usb 4-1: USB disconnect, device number 8 [ 430.218452][ T5860] usb 3-1: USB disconnect, device number 13 [ 430.435171][ T8501] syzkaller1: entered promiscuous mode [ 430.445772][ T8501] syzkaller1: entered allmulticast mode [ 433.365305][ T5839] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 433.568235][ T5839] usb 3-1: Using ep0 maxpacket: 16 [ 433.584008][ T5839] usb 3-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 433.594897][ T5839] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 433.609972][ T5839] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 433.622710][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.650512][ T5839] usb 3-1: config 0 descriptor?? [ 433.671911][ T5839] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 433.778162][ T28] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 433.978227][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 433.991462][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 434.002595][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 434.012470][ T28] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 434.022328][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 434.033638][ T28] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 434.045111][ T28] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 434.054369][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.080791][ T28] usb 4-1: config 0 descriptor?? [ 434.088875][ T8530] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 434.642868][ T8542] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 434.892956][ T8546] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 436.343281][ T5798] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 437.265605][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 330 seconds [ 438.804295][ T5839] usb 3-1: USB disconnect, device number 14 [ 439.546859][ T9] usb 4-1: USB disconnect, device number 9 [ 440.269230][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.275901][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.715045][ T8596] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 443.029280][ T1058] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 330 seconds [ 443.053260][ T1058] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 330 seconds [ 443.066948][ T1058] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 330 seconds [ 443.098053][ T1058] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 330 seconds [ 446.061373][ T8638] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 446.215625][ T8640] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'. [ 446.224747][ T8640] netlink: 12 bytes leftover after parsing attributes in process `syz.0.725'. [ 446.249790][ T8640] netlink: 72 bytes leftover after parsing attributes in process `syz.0.725'. [ 446.265886][ T8640] 9pnet_fd: Insufficient options for proto=fd [ 449.286562][ T1058] block nbd0: Possible stuck request ffff888021970000: control (read@0,1024B). Runtime 330 seconds [ 449.297614][ T1058] block nbd0: Possible stuck request ffff888021970200: control (read@1024,1024B). Runtime 330 seconds [ 449.310184][ T1058] block nbd0: Possible stuck request ffff888021970400: control (read@2048,1024B). Runtime 330 seconds [ 449.328254][ T1058] block nbd0: Possible stuck request ffff888021970600: control (read@3072,1024B). Runtime 330 seconds [ 452.253600][ T787] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 452.461503][ T8685] netlink: 8 bytes leftover after parsing attributes in process `syz.3.735'. [ 452.470508][ T8685] netlink: 12 bytes leftover after parsing attributes in process `syz.3.735'. [ 452.482751][ T8685] netlink: 72 bytes leftover after parsing attributes in process `syz.3.735'. [ 452.493094][ T8685] 9pnet_fd: Insufficient options for proto=fd [ 452.500059][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 452.524030][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.839488][ T787] usb 1-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5 [ 452.925635][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.064044][ T787] usb 1-1: config 0 descriptor?? [ 453.127522][ T787] usb 1-1: Found UVC 0.00 device (2801:0201) [ 453.147073][ T787] usb 1-1: No valid video chain found. [ 453.534400][ T8681] netlink: 'syz.0.737': attribute type 2 has an invalid length. [ 453.589109][ T5839] usb 1-1: USB disconnect, device number 7 [ 454.980295][ T8699] sp0: Synchronizing with TNC [ 457.468737][ T8728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.748'. [ 457.477765][ T8728] netlink: 12 bytes leftover after parsing attributes in process `syz.2.748'. [ 457.496423][ T8726] netlink: 72 bytes leftover after parsing attributes in process `syz.2.748'. [ 457.508747][ T8726] 9pnet_fd: Insufficient options for proto=fd [ 462.689170][ T8775] netlink: 24 bytes leftover after parsing attributes in process `syz.1.762'. [ 462.764072][ T8776] netlink: 72 bytes leftover after parsing attributes in process `syz.1.762'. [ 462.774175][ T8776] 9pnet_fd: Insufficient options for proto=fd [ 463.510382][ T8777] capability: warning: `syz.2.763' uses 32-bit capabilities (legacy support in use) [ 464.398347][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 464.588457][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 464.600639][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 464.619782][ T9] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 464.644421][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.682564][ T9] usb 4-1: Product: syz [ 464.696458][ T9] usb 4-1: Manufacturer: syz [ 464.707733][ T9] usb 4-1: SerialNumber: syz [ 464.826770][ T9] usb 4-1: config 0 descriptor?? [ 464.868590][ T9] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 465.585586][ T8784] netlink: 44 bytes leftover after parsing attributes in process `syz.3.765'. [ 465.640072][ T9] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 465.647027][ T9] gspca_pac7302: probe of 4-1:0.0 failed with error -110 [ 465.862172][ T9] usb 4-1: USB disconnect, device number 10 [ 466.948217][ T787] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 467.769457][ T1058] block nbd3: Possible stuck request ffff888021a88000: control (read@0,4096B). Runtime 360 seconds [ 467.979118][ T787] usb 4-1: Using ep0 maxpacket: 8 [ 467.986550][ T787] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 467.995047][ T787] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 468.028146][ T787] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 468.061238][ T787] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 468.081788][ T787] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 468.115653][ T787] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 468.129983][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.385909][ T8810] 9pnet_fd: Insufficient options for proto=fd [ 468.402721][ T787] usb 4-1: usb_control_msg returned -71 [ 468.421157][ T787] usbtmc 4-1:16.0: can't read capabilities [ 468.444390][ T787] usb 4-1: USB disconnect, device number 11 [ 468.458391][ T28] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 468.648729][ T28] usb 1-1: Using ep0 maxpacket: 16 [ 468.662733][ T28] usb 1-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config [ 468.675312][ T28] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 468.692775][ T28] usb 1-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 468.702109][ T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.719660][ T28] usb 1-1: config 0 descriptor?? [ 468.736222][ T8831] netlink: 'syz.1.778': attribute type 2 has an invalid length. [ 468.741265][ T28] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 468.868130][ T5839] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 469.053171][ T5839] usb 3-1: Using ep0 maxpacket: 8 [ 469.078418][ T5839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 469.095171][ T5839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 469.105703][ T5839] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 469.115812][ T5839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 469.127334][ T5839] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 469.137677][ T5839] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 469.146856][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.168990][ T5839] usb 3-1: config 0 descriptor?? [ 469.175200][ T8828] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 469.990731][ T8844] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 470.978420][ T29] INFO: task udevd:5913 blocked for more than 144 seconds. [ 470.986399][ T29] Not tainted syzkaller #0 [ 471.248383][ T787] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 471.298210][ T5798] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 472.889689][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 472.898786][ T29] task:udevd state:D stack:25864 pid:5913 ppid:5158 flags:0x00004006 [ 472.908595][ T29] Call Trace: [ 472.911973][ T29] [ 472.915004][ T29] __schedule+0x14d2/0x44d0 [ 472.919727][ T29] ? asan.module_dtor+0x20/0x20 [ 472.924730][ T29] ? mark_lock+0x94/0x320 [ 472.929379][ T29] ? lock_chain_count+0x20/0x20 [ 472.934356][ T29] ? _raw_spin_lock_irq+0xaf/0xe0 [ 472.939838][ T29] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 472.945382][ T29] schedule+0xbd/0x170 [ 472.949592][ T29] io_schedule+0x80/0xd0 [ 472.957070][ T29] folio_wait_bit_common+0x6eb/0xf70 [ 472.974314][ T29] ? folio_wait_bit+0x30/0x30 [ 472.979695][ T29] ? _compound_head+0x120/0x120 [ 472.984764][ T29] ? __filemap_get_folio+0x70a/0xbc0 [ 472.990293][ T29] do_read_cache_folio+0x1c0/0x7e0 [ 472.995695][ T29] ? blkdev_writepage+0x30/0x30 [ 473.000713][ T29] read_part_sector+0xd2/0x350 [ 473.005713][ T29] adfspart_check_POWERTEC+0x8d/0xf00 [ 473.011415][ T29] ? adfspart_check_ADFS+0x660/0x660 [ 473.017057][ T29] ? put_partition+0x350/0x350 [ 473.021997][ T29] ? alloc_pages+0x4dc/0x740 [ 473.026826][ T29] bdev_disk_changed+0x73a/0x1410 [ 473.032093][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 473.037636][ T29] ? iput+0x347/0x920 [ 473.043129][ T29] blkdev_get_whole+0x30d/0x390 [ 473.050482][ T29] blkdev_get_by_dev+0x279/0x600 [ 473.055727][ T29] blkdev_open+0x152/0x360 [ 473.062403][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 473.067083][ T29] do_dentry_open+0x8c6/0x1500 [ 473.072587][ T29] path_openat+0x274b/0x3190 [ 473.077254][ T29] ? __kasan_slab_alloc+0x6c/0x80 [ 473.082877][ T29] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.089362][ T29] ? verify_lock_unused+0x140/0x140 [ 473.094624][ T29] ? do_filp_open+0x3d0/0x3d0 [ 473.099876][ T29] ? __virt_addr_valid+0x18c/0x540 [ 473.105073][ T29] do_filp_open+0x1c5/0x3d0 [ 473.110182][ T29] ? vfs_tmpfile+0x490/0x490 [ 473.114884][ T29] ? _raw_spin_unlock+0x28/0x40 [ 473.126073][ T29] ? alloc_fd+0x58f/0x630 [ 473.131060][ T29] do_sys_openat2+0x12c/0x1c0 [ 473.135946][ T29] ? do_sys_open+0xe0/0xe0 [ 473.141991][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 473.148250][ T787] usb 2-1: Using ep0 maxpacket: 32 [ 473.156970][ T29] ? lock_chain_count+0x20/0x20 [ 473.160182][ T9] usb 1-1: USB disconnect, device number 8 [ 473.170526][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 473.186903][ T29] __x64_sys_openat+0x139/0x160 [ 473.195294][ T29] do_syscall_64+0x55/0xb0 [ 473.202624][ T29] ? clear_bhb_loop+0x40/0x90 [ 473.211833][ T787] usb 2-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 473.225657][ T29] ? clear_bhb_loop+0x40/0x90 [ 473.239364][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.255380][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.528307][ T8555] block nbd1: Possible stuck request ffff8880219a8000: control (read@0,1024B). Runtime 360 seconds [ 473.539534][ T8555] block nbd1: Possible stuck request ffff8880219a8200: control (read@1024,1024B). Runtime 360 seconds [ 473.559018][ T8555] block nbd1: Possible stuck request ffff8880219a8400: control (read@2048,1024B). Runtime 360 seconds [ 473.611038][ T8555] block nbd1: Possible stuck request ffff8880219a8600: control (read@3072,1024B). Runtime 360 seconds [ 473.655303][ T29] RIP: 0033:0x7fd32e4a7407 [ 473.684002][ T787] usb 2-1: Product: syz [ 473.771985][ T787] usb 2-1: Manufacturer: syz [ 473.787420][ T29] RSP: 002b:00007fff3a7ef350 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 473.985732][ T29] RAX: ffffffffffffffda RBX: 00007fd32ec0b880 RCX: 00007fd32e4a7407 [ 473.995830][ T29] RDX: 00000000000a0800 RSI: 000055ab398d5660 RDI: ffffffffffffff9c [ 474.003961][ T29] RBP: 000055ab398c5910 R08: 0000000000000000 R09: 0000000000000000 [ 474.013819][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ab398dde00 [ 474.022258][ T29] R13: 000055ab398dd410 R14: 0000000000000000 R15: 000055ab398dde00 [ 474.022983][ T787] usb 2-1: SerialNumber: syz [ 474.030330][ T29] [ 474.030380][ T29] INFO: task udevd:5926 blocked for more than 147 seconds. [ 474.030397][ T29] Not tainted syzkaller #0 [ 474.030408][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 474.030417][ T29] task:udevd state:D stack:25128 pid:5926 ppid:5158 flags:0x00004006 [ 474.030454][ T29] Call Trace: [ 474.030462][ T29] [ 474.096175][ T787] usb 2-1: config 0 descriptor?? [ 474.101548][ T29] __schedule+0x14d2/0x44d0 [ 474.113446][ T29] ? asan.module_dtor+0x20/0x20 [ 474.118784][ T29] ? mark_lock+0x94/0x320 [ 474.123210][ T29] ? lock_chain_count+0x20/0x20 [ 474.128682][ T29] ? _raw_spin_lock_irq+0xaf/0xe0 [ 474.133803][ T29] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 474.140679][ T29] schedule+0xbd/0x170 [ 474.144872][ T29] io_schedule+0x80/0xd0 [ 474.150572][ T29] folio_wait_bit_common+0x6eb/0xf70 [ 474.155958][ T29] ? folio_wait_bit+0x30/0x30 [ 474.161222][ T29] ? _compound_head+0x120/0x120 [ 474.166145][ T29] ? filemap_add_folio+0x192/0x3c0 [ 474.178186][ T29] ? __filemap_get_folio+0x70a/0xbc0 [ 474.191250][ T29] ? blkdev_writepage+0x30/0x30 [ 474.207149][ T29] do_read_cache_folio+0x1c0/0x7e0 [ 474.222071][ T29] ? blkdev_writepage+0x30/0x30 [ 474.228697][ T29] read_part_sector+0xd2/0x350 [ 474.235234][ T29] adfspart_check_POWERTEC+0x8d/0xf00 [ 474.241827][ T787] usb 2-1: can't set config #0, error -71 [ 474.247627][ T29] ? adfspart_check_ADFS+0x660/0x660 [ 474.258452][ T787] usb 2-1: USB disconnect, device number 12 [ 474.268323][ T29] ? put_partition+0x350/0x350 [ 474.273182][ T29] ? alloc_pages+0x4dc/0x740 [ 474.280649][ T29] bdev_disk_changed+0x73a/0x1410 [ 474.285866][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 474.294616][ T29] ? nbd_dead_link_work+0x320/0x320 [ 474.300392][ T29] blkdev_get_whole+0x30d/0x390 [ 474.305396][ T29] blkdev_get_by_dev+0x279/0x600 [ 474.312715][ T29] blkdev_open+0x152/0x360 [ 474.317282][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 474.322786][ T29] do_dentry_open+0x8c6/0x1500 [ 474.327881][ T29] path_openat+0x274b/0x3190 [ 474.332917][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 474.342763][ T29] ? lock_chain_count+0x20/0x20 [ 474.347798][ T29] ? do_filp_open+0x3d0/0x3d0 [ 474.353108][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 474.358504][ T29] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 474.364225][ T29] do_filp_open+0x1c5/0x3d0 [ 474.368958][ T29] ? vfs_tmpfile+0x490/0x490 [ 474.373711][ T29] ? _raw_spin_unlock+0x28/0x40 [ 474.378796][ T29] ? alloc_fd+0x58f/0x630 [ 474.383190][ T29] do_sys_openat2+0x12c/0x1c0 [ 474.387905][ T29] ? do_sys_open+0xe0/0xe0 [ 474.393843][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 474.400192][ T29] ? lock_chain_count+0x20/0x20 [ 474.405083][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 474.411286][ T29] __x64_sys_openat+0x139/0x160 [ 474.416189][ T29] do_syscall_64+0x55/0xb0 [ 474.420787][ T29] ? clear_bhb_loop+0x40/0x90 [ 474.425500][ T29] ? clear_bhb_loop+0x40/0x90 [ 474.430358][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 474.436290][ T29] RIP: 0033:0x7fd32e4a7407 [ 474.440892][ T29] RSP: 002b:00007fff3a7ef350 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 474.449694][ T29] RAX: ffffffffffffffda RBX: 00007fd32ec0b880 RCX: 00007fd32e4a7407 [ 474.457715][ T29] RDX: 00000000000a0800 RSI: 000055ab398e7040 RDI: ffffffffffffff9c [ 474.465790][ T29] RBP: 000055ab398c5910 R08: 0000000000000000 R09: 0000000000000000 [ 474.474126][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ab398da830 [ 474.482738][ T29] R13: 000055ab398dd410 R14: 0000000000000000 R15: 000055ab398da830 [ 474.491005][ T29] [ 474.495803][ T29] INFO: task udevd:6001 blocked for more than 148 seconds. [ 474.503787][ T29] Not tainted syzkaller #0 [ 474.508925][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 474.517626][ T29] task:udevd state:D stack:25864 pid:6001 ppid:5158 flags:0x00004006 [ 474.526936][ T29] Call Trace: [ 474.530327][ T29] [ 474.533296][ T29] __schedule+0x14d2/0x44d0 [ 474.537858][ T29] ? mark_lock+0x21/0x320 [ 474.542341][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 474.548463][ T29] ? asan.module_dtor+0x20/0x20 [ 474.553399][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 474.558732][ T29] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 474.564419][ T29] schedule+0xbd/0x170 [ 474.568599][ T29] io_schedule+0x80/0xd0 [ 474.572882][ T29] folio_wait_bit_common+0x6eb/0xf70 [ 474.578324][ T29] ? folio_wait_bit+0x30/0x30 [ 474.583060][ T29] ? _compound_head+0x120/0x120 [ 474.588131][ T29] ? filemap_add_folio+0x192/0x3c0 [ 474.593301][ T29] ? __filemap_get_folio+0x70a/0xbc0 [ 474.599786][ T29] ? blkdev_writepage+0x30/0x30 [ 474.604730][ T29] do_read_cache_folio+0x1c0/0x7e0 [ 474.610348][ T29] ? blkdev_writepage+0x30/0x30 [ 474.615278][ T29] read_part_sector+0xd2/0x350 [ 474.620440][ T29] adfspart_check_POWERTEC+0x8d/0xf00 [ 474.625892][ T29] ? adfspart_check_ADFS+0x660/0x660 [ 474.632870][ T29] ? put_partition+0x350/0x350 [ 474.637690][ T29] ? alloc_pages+0x4dc/0x740 [ 474.642458][ T29] bdev_disk_changed+0x73a/0x1410 [ 474.647543][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 474.653285][ T29] ? iput+0x347/0x920 [ 474.657343][ T29] blkdev_get_whole+0x30d/0x390 [ 474.662394][ T29] blkdev_get_by_dev+0x279/0x600 [ 474.667512][ T29] blkdev_open+0x152/0x360 [ 474.672185][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 474.676827][ T29] do_dentry_open+0x8c6/0x1500 [ 474.681735][ T29] path_openat+0x274b/0x3190 [ 474.686380][ T29] ? __kasan_slab_alloc+0x6c/0x80 [ 474.691479][ T29] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 474.698593][ T29] ? verify_lock_unused+0x140/0x140 [ 474.703876][ T29] ? do_filp_open+0x3d0/0x3d0 [ 474.708779][ T29] ? __virt_addr_valid+0x18c/0x540 [ 474.713960][ T29] do_filp_open+0x1c5/0x3d0 [ 474.718610][ T29] ? vfs_tmpfile+0x490/0x490 [ 474.723263][ T29] ? _raw_spin_unlock+0x28/0x40 [ 474.728298][ T29] ? alloc_fd+0x58f/0x630 [ 474.732689][ T29] do_sys_openat2+0x12c/0x1c0 [ 474.737425][ T29] ? do_sys_open+0xe0/0xe0 [ 474.742122][ T29] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 474.748251][ T29] ? lock_chain_count+0x20/0x20 [ 474.753189][ T29] __x64_sys_openat+0x139/0x160 [ 474.758282][ T29] do_syscall_64+0x55/0xb0 [ 474.762734][ T29] ? clear_bhb_loop+0x40/0x90 [ 474.767453][ T29] ? clear_bhb_loop+0x40/0x90 [ 474.772267][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 474.778269][ T29] RIP: 0033:0x7fd32e4a7407 [ 474.782728][ T29] RSP: 002b:00007fff3a7ef350 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 474.791236][ T29] RAX: ffffffffffffffda RBX: 00007fd32ec0b880 RCX: 00007fd32e4a7407 [ 474.800264][ T29] RDX: 00000000000a0800 RSI: 000055ab398dd0f0 RDI: ffffffffffffff9c [ 474.808484][ T29] RBP: 000055ab398c5910 R08: 0000000000000000 R09: 0000000000000000 [ 474.816490][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ab398ef690 [ 474.824666][ T29] R13: 000055ab398dd410 R14: 0000000000000000 R15: 000055ab398ef690 [ 474.832731][ T29] [ 474.835901][ T29] [ 474.835901][ T29] Showing all locks held in the system: [ 474.848878][ T29] 4 locks held by kworker/u4:1/12: [ 474.857644][ T29] #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 474.871021][ T29] #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 474.882401][ T29] #2: ffffffff8dfae710 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90 [ 474.893199][ T29] #3: ffffffff8dfbb548 (rtnl_mutex){+.+.}-{3:3}, at: vti6_exit_batch_net+0xb7/0x410 [ 474.903740][ T29] 2 locks held by kworker/1:1/28: [ 474.909303][ T29] #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 474.920441][ T29] #1: ffffc90000a4fd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 474.932706][ T29] 1 lock held by khungtaskd/29: [ 474.937588][ T29] #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 474.947906][ T29] 2 locks held by getty/5548: [ 474.952836][ T29] #0: ffff88814ceca0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 474.962706][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 [ 474.972955][ T29] 1 lock held by syz-executor/5791: [ 474.978247][ T29] #0: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830 [ 474.991904][ T29] 1 lock held by udevd/5913: [ 474.996570][ T29] #0: ffff8881417944c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 475.007639][ T29] 1 lock held by udevd/5926: [ 475.012674][ T29] #0: ffff888141b884c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 475.022840][ T29] 1 lock held by udevd/6001: [ 475.027453][ T29] #0: ffff8880212a74c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 475.037595][ T29] 2 locks held by syz.2.777/8846: [ 475.042882][ T29] #0: ffffffff8dfbb548 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 475.052067][ T29] #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830 [ 475.063131][ T29] [ 475.065492][ T29] ============================================= [ 475.065492][ T29] [ 475.074582][ T29] NMI backtrace for cpu 0 [ 475.079055][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 475.086300][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 475.096387][ T29] Call Trace: [ 475.099712][ T29] [ 475.102661][ T29] dump_stack_lvl+0x16c/0x230 [ 475.107383][ T29] ? show_regs_print_info+0x20/0x20 [ 475.112626][ T29] ? load_image+0x3b0/0x3b0 [ 475.117162][ T29] nmi_cpu_backtrace+0x39b/0x3d0 [ 475.122149][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 475.128341][ T29] ? _printk+0xd0/0x110 [ 475.132548][ T29] ? load_image+0x3b0/0x3b0 [ 475.137110][ T29] ? load_image+0x3b0/0x3b0 [ 475.141659][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 475.147788][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 475.153800][ T29] watchdog+0xf41/0xf80 [ 475.157972][ T29] ? watchdog+0x1e1/0xf80 [ 475.162346][ T29] kthread+0x2fa/0x390 [ 475.166459][ T29] ? hungtask_pm_notify+0x90/0x90 [ 475.171525][ T29] ? kthread_blkcg+0xd0/0xd0 [ 475.176125][ T29] ret_from_fork+0x48/0x80 [ 475.180568][ T29] ? kthread_blkcg+0xd0/0xd0 [ 475.185190][ T29] ret_from_fork_asm+0x11/0x20 [ 475.189981][ T29] [ 475.194075][ T29] Sending NMI from CPU 0 to CPUs 1: [ 475.199539][ C1] NMI backtrace for cpu 1 [ 475.199550][ C1] CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0 [ 475.199565][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 475.199574][ C1] RIP: 0010:__unwind_start+0x5/0x7e0 [ 475.199605][ C1] Code: ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 3d ff ff ff 4c 89 ff e8 5a 11 a2 00 e9 30 ff ff ff 0f 1f 44 00 00 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 30 48 89 4c 24 10 49 89 d4 49 [ 475.199619][ C1] RSP: 0018:ffffc900001c75d8 EFLAGS: 00000246 [ 475.199633][ C1] RAX: ffffffff813219e0 RBX: ffffc900001c76a0 RCX: ffffc900001c7670 [ 475.199645][ C1] RDX: 0000000000000000 RSI: ffff88801c67bc00 RDI: ffffc900001c75e8 [ 475.199656][ C1] RBP: ffffc900001c7670 R08: 0000000000000004 R09: 0000000000000000 [ 475.199687][ C1] R10: ffffc900001c7720 R11: fffffbfff1c9506e R12: ffff88801c67bc00 [ 475.199699][ C1] R13: ffffc900001c7a00 R14: ffffffff817467f0 R15: 0000000000000000 [ 475.199709][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 475.199722][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 475.199732][ C1] CR2: 00007effa4fb4198 CR3: 000000007f307000 CR4: 00000000003526e0 [ 475.199746][ C1] Call Trace: [ 475.199752][ C1] [ 475.199758][ C1] arch_stack_walk+0xf8/0x190 [ 475.199782][ C1] stack_trace_save+0x9c/0xe0 [ 475.199802][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 475.199820][ C1] ? __lock_acquire+0x1260/0x7c80 [ 475.199843][ C1] kasan_set_track+0x4e/0x70 [ 475.199888][ C1] ? kmem_cache_free+0xf8/0x280 [ 475.199910][ C1] kasan_save_free_info+0x2e/0x50 [ 475.199931][ C1] ____kasan_slab_free+0x126/0x1e0 [ 475.199950][ C1] slab_free_freelist_hook+0x130/0x1b0 [ 475.199978][ C1] ? rcu_core+0xc51/0x1720 [ 475.199992][ C1] ? rcu_core+0xcc4/0x1720 [ 475.200011][ C1] kmem_cache_free+0xf8/0x280 [ 475.200034][ C1] ? kernfs_put+0x360/0x360 [ 475.200055][ C1] rcu_core+0xcc4/0x1720 [ 475.200078][ C1] ? rcu_cpu_kthread_park+0x90/0x90 [ 475.200093][ C1] ? rcu_qs+0xc5/0x160 [ 475.200113][ C1] ? rcu_softirq_qs+0x2e0/0x2e0 [ 475.200132][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 475.200157][ C1] ? sched_clock_cpu+0x75/0x430 [ 475.200171][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 475.200199][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 475.200218][ C1] ? lock_chain_count+0x20/0x20 [ 475.200233][ C1] ? __schedule+0x14da/0x44d0 [ 475.200260][ C1] handle_softirqs+0x280/0x820 [ 475.200277][ C1] ? run_ksoftirqd+0x9c/0xf0 [ 475.200296][ C1] ? do_softirq+0x180/0x180 [ 475.200315][ C1] run_ksoftirqd+0x9c/0xf0 [ 475.200331][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 475.200346][ C1] ? takeover_tasklets+0x810/0x810 [ 475.200364][ C1] ? takeover_tasklets+0x810/0x810 [ 475.200379][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 475.200395][ C1] smpboot_thread_fn+0x635/0xa00 [ 475.200420][ C1] ? smpboot_thread_fn+0x50/0xa00 [ 475.200448][ C1] kthread+0x2fa/0x390 [ 475.200461][ C1] ? smpboot_unregister_percpu_thread+0x2a0/0x2a0 [ 475.200488][ C1] ? kthread_blkcg+0xd0/0xd0 [ 475.200502][ C1] ret_from_fork+0x48/0x80 [ 475.200520][ C1] ? kthread_blkcg+0xd0/0xd0 [ 475.200535][ C1] ret_from_fork_asm+0x11/0x20 [ 475.200565][ C1] [ 475.201817][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 475.524236][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 475.531446][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 475.541512][ T29] Call Trace: [ 475.544801][ T29] [ 475.547748][ T29] dump_stack_lvl+0x16c/0x230 [ 475.552452][ T29] ? show_regs_print_info+0x20/0x20 [ 475.557665][ T29] ? load_image+0x3b0/0x3b0 [ 475.562193][ T29] panic+0x2c0/0x710 [ 475.566101][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 475.571758][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 475.576281][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 475.581908][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 475.588128][ T29] watchdog+0xf80/0xf80 [ 475.592321][ T29] ? watchdog+0x1e1/0xf80 [ 475.596672][ T29] kthread+0x2fa/0x390 [ 475.600773][ T29] ? hungtask_pm_notify+0x90/0x90 [ 475.605814][ T29] ? kthread_blkcg+0xd0/0xd0 [ 475.610418][ T29] ret_from_fork+0x48/0x80 [ 475.614848][ T29] ? kthread_blkcg+0xd0/0xd0 [ 475.619477][ T29] ret_from_fork_asm+0x11/0x20 [ 475.624268][ T29] [ 475.627632][ T29] Kernel Offset: disabled [ 475.631980][ T29] Rebooting in 86400 seconds..